3 replies

AshAuthentication + custom api login = ?

I want to create a custom authentication flow for a simple POST /api/auth/login endpoint where I get the username and password from the user of the API. I've found the example of how to write an APIAuthController pasted below, and I've put it in its own file in my project, but I don't know how to fit this into my router, what's the next obvious step that my tired and caffeine fueled brain doesn't realize?

I had a talk with both ChatGPT and Claude.ai about this too, and they sent me down one rabbit hole each, so this is getting exciting!

  defmodule MyAppWeb.ApiAuthController do
    use MyAppWeb, :controller
    use AshAuthentication.Phoenix.Controller
    alias AshAuthentication.TokenRevocation

    def success(conn, _activity, _user, token) do
      conn
      |> put_status(200)
      |> json(%{
        authentication: %{
          status: :success,
          bearer: token}
      })
    end

    def failure(conn, _activity, _reason) do
      conn
      |> put_status(401)
      |> json(%{
        authentication: %{
          status: :failed
        }
      })
    end

    def sign_out(conn, _params) do
      conn
      |> revoke_bearer_tokens()
      |> json(%{
        status: :ok
      })
    end
  end

  defmodule MyAppWeb.ApiAuthController do
    use MyAppWeb, :controller
    use AshAuthentication.Phoenix.Controller
    alias AshAuthentication.TokenRevocation

    def success(conn, _activity, _user, token) do
      conn
      |> put_status(200)
      |> json(%{
        authentication: %{
          status: :success,
          bearer: token}
      })
    end

    def failure(conn, _activity, _reason) do
      conn
      |> put_status(401)
      |> json(%{
        authentication: %{
          status: :failed
        }
      })
    end

    def sign_out(conn, _params) do
      conn
      |> revoke_bearer_tokens()
      |> json(%{
        status: :ok
      })
    end
  end

  defmodule MyAppWeb.ApiAuthController do
    use MyAppWeb, :controller
    use AshAuthentication.Phoenix.Controller
    alias AshAuthentication.TokenRevocation

    def success(conn, _activity, _user, token) do
      conn
      |> put_status(200)
      |> json(%{
        authentication: %{
          status: :success,
          bearer: token}
      })
    end

    def failure(conn, _activity, _reason) do
      conn
      |> put_status(401)
      |> json(%{
        authentication: %{
          status: :failed
        }
      })
    end

    def sign_out(conn, _params) do
      conn
      |> revoke_bearer_tokens()
      |> json(%{
        status: :ok
      })
    end
  end

  defmodule MyAppWeb.ApiAuthController do
    use MyAppWeb, :controller
    use AshAuthentication.Phoenix.Controller
    alias AshAuthentication.TokenRevocation

    def success(conn, _activity, _user, token) do
      conn
      |> put_status(200)
      |> json(%{
        authentication: %{
          status: :success,
          bearer: token}
      })
    end

    def failure(conn, _activity, _reason) do
      conn
      |> put_status(401)
      |> json(%{
        authentication: %{
          status: :failed
        }
      })
    end

    def sign_out(conn, _params) do
      conn
      |> revoke_bearer_tokens()
      |> json(%{
        status: :ok
      })
    end
  end

...or is that module perhaps a red herring?

AshAuthentication + custom api login = ?

Similar Threads

Similar Threads

Similar Threads